[Dshield] Sanity check

Esler, Joel - Contractor joel.esler at rcert-s.army.mil
Wed Oct 13 15:39:09 GMT 2004


Correct, however, no traceroute was conducted, there is no other traffic
present during this time period to or from this IP.  If it was a
traceroute it would have made it past the IDS device...

J

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Chris Ramsden
Sent: Wednesday, October 13, 2004 10:14 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Sanity check


Esler, Joel - Contractor wrote:
> What would be the point of an unsolicited ICMP time exceeded in 
> transit?
> 
> Joel Esler, GCIA
>
Isn't this used in traceroute?

"Traceroute emits packets then uses the IP header's time-to-live (ttl)
field and ICMP's "time exceeded in-transit" message to follow and report
their path."

Chris Ramsden

_______________________________________________
DShield and the Internet Storm Center are sponsored by the SANS
Institute. To learn more about current SANS training, see
http://www.sans.org .

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list